diff --git a/packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js b/packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js index d8468d6..a9a8c41 100644 --- a/packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js +++ b/packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js @@ -178,6 +178,25 @@ export function getHasSuppressedVersions() { return state.hasSuppressedVersions; } +/** + * @param {Buffer} body + * @param {NodeJS.Dict | undefined} headers + * @returns {string | undefined} + */ +export function getPackageNameFromMetadataResponse(body, headers) { + try { + const contentType = getHeaderValueAsString(headers, "content-type"); + if (!contentType?.toLowerCase().includes("application/json")) { + return undefined; + } + + const bodyJson = JSON.parse(body.toString("utf8")); + return typeof bodyJson.name === "string" ? bodyJson.name : undefined; + } catch { + return undefined; + } +} + /** * Checks if a package name matches an exclusion pattern. * Supports trailing wildcard (*) for prefix matching. diff --git a/packages/safe-chain/src/registryProxy/interceptors/npm/npmInterceptor.js b/packages/safe-chain/src/registryProxy/interceptors/npm/npmInterceptor.js index 8a6d7eb..57e5b93 100644 --- a/packages/safe-chain/src/registryProxy/interceptors/npm/npmInterceptor.js +++ b/packages/safe-chain/src/registryProxy/interceptors/npm/npmInterceptor.js @@ -6,6 +6,7 @@ import { import { isMalwarePackage } from "../../../scanning/audit/index.js"; import { interceptRequests } from "../interceptorBuilder.js"; import { + getPackageNameFromMetadataResponse, isPackageInfoUrl, matchesExclusionPattern, modifyNpmInfoRequestHeaders, @@ -47,8 +48,6 @@ function buildNpmInterceptor(registry) { registry ); const minimumAgeChecksEnabled = !skipMinimumPackageAge(); - const packageIsExcludedFromMinimumAgeChecks = - packageName && isExcludedFromMinimumPackageAge(packageName); if (await isMalwarePackage(packageName, version)) { reqContext.blockMalware(packageName, version); @@ -81,7 +80,7 @@ function buildNpmInterceptor(registry) { minimumAgeChecksEnabled && packageName && version && - !packageIsExcludedFromMinimumAgeChecks + !isExcludedFromMinimumPackageAge(packageName) ) { const newPackagesDatabase = await openNewPackagesDatabase(); @@ -106,26 +105,3 @@ function isExcludedFromMinimumPackageAge(packageName) { matchesExclusionPattern(packageName, pattern) ); } - -/** - * @param {Buffer} body - * @param {NodeJS.Dict | undefined} headers - * @returns {string | undefined} - */ -function getPackageNameFromMetadataResponse(body, headers) { - try { - const contentType = headers?.["content-type"]; - const normalizedContentType = Array.isArray(contentType) - ? contentType.join(",") - : contentType; - - if (!normalizedContentType?.toLowerCase().includes("application/json")) { - return undefined; - } - - const bodyJson = JSON.parse(body.toString("utf8")); - return typeof bodyJson.name === "string" ? bodyJson.name : undefined; - } catch { - return undefined; - } -}